c++ - 网络怪异行为

Question

我有一个小应用程序(c++)，它连接(winsock 连接/发送)到服务器并发送一个数据包(28 字节)来检查是否有可用的更新。

该应用程序运行良好，我在不同的国家/地区进行了尝试，没有出现任何问题，但在亚洲国家/地区遇到了一些问题。

服务器在美国，测试客户端在泰国。

问题是，客户端连接正常(我可以看到服务器上的连接)，发送数据包(我可以看到客户端wireshark上传递的数据包)，但永远不会到达服务器。

此捕获来自服务器，并且是到达的内容，仅此而已。

13:37:15.103682 IP asianet.co.th.52739 > transip.net.http: Flags [S], seq 3221849952, win 8190, options [mss 1460,nop,wscale 3,nop,nop,sackOK], length 0
13:37:15.103764 IP transip.net.http > asianet.co.th.52739: Flags [R.], seq 0, ack 3221849953, win 0, length 0
13:37:18.039495 IP asianet.co.th.46755 > transip.net.http: Flags [S], seq 3299550171, win 8190, options [mss 1460,nop,wscale 3,nop,nop,sackOK], length 0

这是客户端上的捕获

No.     Time        Source                Destination           Protocol Length Info
      1 0.000000    asianet.co.th         transip.net         TCP      62     vtr-emulator > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1

Frame 1: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Dell_1e:1c:72 (78:2b:cb:1e:1c:72), Dst: Cisco_2c:17:c8 (00:21:1c:2c:17:c8)
Internet Protocol Version 4, Src: asianet.co.th (asianet.co.th), Dst: transip.net (transip.net)
Transmission Control Protocol, Src Port: vtr-emulator (3122), Dst Port: http (80), Seq: 0, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      2 0.291298    transip.net         asianet.co.th         TCP      62     http > vtr-emulator [SYN, ACK] Seq=0 Ack=1 Win=8190 Len=0 MSS=1460 SACK_PERM=1

Frame 2: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Ethernet II, Src: Cisco_2c:17:c8 (00:21:1c:2c:17:c8), Dst: Dell_1e:1c:72 (78:2b:cb:1e:1c:72)
Internet Protocol Version 4, Src: transip.net (transip.net), Dst: asianet.co.th (asianet.co.th)
Transmission Control Protocol, Src Port: http (80), Dst Port: vtr-emulator (3122), Seq: 0, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      3 0.291316    asianet.co.th         transip.net         TCP      54     vtr-emulator > http [ACK] Seq=1 Ack=1 Win=65535 Len=0

Frame 3: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_1e:1c:72 (78:2b:cb:1e:1c:72), Dst: Cisco_2c:17:c8 (00:21:1c:2c:17:c8)
Internet Protocol Version 4, Src: asianet.co.th (asianet.co.th), Dst: transip.net (transip.net)
Transmission Control Protocol, Src Port: vtr-emulator (3122), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      4 1.276972    asianet.co.th         transip.net         HTTP     82     Continuation or non-HTTP traffic

Frame 4: 82 bytes on wire (656 bits), 82 bytes captured (656 bits)
Ethernet II, Src: Dell_1e:1c:72 (78:2b:cb:1e:1c:72), Dst: Cisco_2c:17:c8 (00:21:1c:2c:17:c8)
Internet Protocol Version 4, Src: asianet.co.th (asianet.co.th), Dst: transip.net (transip.net)
Transmission Control Protocol, Src Port: vtr-emulator (3122), Dst Port: http (80), Seq: 1, Ack: 1, Len: 28
Hypertext Transfer Protocol

No.     Time        Source                Destination           Protocol Length Info
      5 1.278358    transip.net         asianet.co.th         TCP      60     http > vtr-emulator [ACK] Seq=1 Ack=29 Win=27712 Len=0

Frame 5: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Cisco_2c:17:c8 (00:21:1c:2c:17:c8), Dst: Dell_1e:1c:72 (78:2b:cb:1e:1c:72)
Internet Protocol Version 4, Src: transip.net (transip.net), Dst: asianet.co.th (asianet.co.th)
Transmission Control Protocol, Src Port: http (80), Dst Port: vtr-emulator (3122), Seq: 1, Ack: 29, Len: 0

No.     Time        Source                Destination           Protocol Length Info
      6 1.289416    asianet.co.th         transip.net         TCP      54     vtr-emulator > http [RST, ACK] Seq=29 Ack=1 Win=0 Len=0

Frame 6: 54 bytes on wire (432 bits), 54 bytes captured (432 bits)
Ethernet II, Src: Dell_1e:1c:72 (78:2b:cb:1e:1c:72), Dst: Cisco_2c:17:c8 (00:21:1c:2c:17:c8)
Internet Protocol Version 4, Src: asianet.co.th (asianet.co.th), Dst: transip.net (transip.net)
Transmission Control Protocol, Src Port: vtr-emulator (3122), Dst Port: http (80), Seq: 29, Ack: 1, Len: 0

注意:如果您在任何地方看到“http”，那只是因为服务器在端口 80 上工作。

注2:客户端捕获的第 4 帧是我的数据包。

我知道找出问题所在可能很复杂，但也许有人可以给我线索。

谢谢。-

Answer 1

您的服务器端捕获显示服务器将 RESET 发送回客户端，即拒绝连接。

另一方面，客户端捕获显示已完成的三向 TCP 握手。这可以通过服务器前面的防火墙/路由器试图阻止 SYN-flood attacks 来解释。通过伪装成目标 TCP 目的地，完成握手，然后才将其重播到其后面的监听服务器。此外，在这种防御场景中，TCP 序列号通常会重新映射。然后，您稍后会在客户端捕获中看到 RST。

两次捕获之间客户端的源端口号不匹配(假设是同一个对话)的事实也指向中间的某些内容。

检查您的 DNS 是否正确。检查路径中有哪些中间设备(防火墙、交换机、路由器)以及它们正在做什么。确保您的服务器软件实际上正在监听该端口 80。